Sony Pictures gets pwned by LulzSec

Trent Nouveau, 2nd June 2011

The hacker group known as LulzSec is claiming credit for an extensive digital raid against SonyPictures.

A massive number of cyber casualties have been reported thus far, including the passwords, email addresses, home addresses and DOB's of over 1,000,000 users.

The group also says it has compromised all admin details of Sony Pictures (including passwords), along with 75,000 music codes and 3.5 million music coupons.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," LulzSec explained in an official communiqué.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

The group added that the digital infiltration was a huge "embarrassment," to Sony and offered up the SQLi link for verification purposes.

"In only 23 days we hacked Fox, PBS, Sony, and got our website fully up and running," a LulzSec member tweeted.

"[So] keep on crying, Sony fanboys. Your tears create the sea and your whining creates the wind that we so gracefully use to traverse onward."

The Japanese-based corporation is reportedly looking into the incident, but has yet to either confirm or deny its occurrence.